I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
Since scare tactics appear to be at least start thinking about the problem, or what drives some people to take fix malware problem a little more seriously, let me shoot a couple of scare tactics your way.
Backup plug-ins is also important. You want to backup all the files and database you can easily bring your own site back like nothing happened.
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it there if it can't be found in the root directory. Also, nobody will be able to read the file unless they have FTP or SSH access to your server.
WordPress is one of the most popular platforms for sites and self-hosted sites. While WordPress is pretty secure from the box, there view it now are always going to be individuals who wish to create trouble by finding a way to split into accounts or sites to cause harm or inject hidden spammy links. That is why it's important to make sure that your WordPress installation is as secure as possible.
But realize that online security is something that you really need to start thinking about. Don't only be the reactive type, consider action to begin today protecting yourself. Don't let Joe the Hacker make your life miserable and turn all in creating come crashing down in a matter of moments that you've worked hard.